8.8CVSS
8.6AI Score
0.001EPSS
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
7.8CVSS
7.8AI Score
0.0004EPSS
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
8.7AI Score
0.03EPSS
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...
6.1CVSS
7.5AI Score
0.001EPSS
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation o...
9.8CVSS
9.5AI Score
0.013EPSS